Open Source Ecosystems:
Challenges and Opportunities
Walt Scacchi
Institute for Software Research
and
Institute for Virtual Environments and Computer Games
University of California, Irvine
Irvine, CA 92697-3455 USA
Http://www.ics.uci.edu/~wscacchi
Overview
●
Definition of terms (for this presentation)
●
Personal history of OSS ecosystem studies
●
OSS requirements practices and processes
●
OSS role sets and role migration
●
●
Component-based open architecture software
systems
–
Intellectual property licenses
–
Cybersecurity
Conclusions
What is open source?
●
●
●
Open source software (OSS) denotes
specifications, representations, socio-technical
processes, and multi-party coordination
mechanisms in human readable, computer
processable formats.
Socio-technical control of OSS is elastic,
negotiated, and amenable to decentralization.
OSS development subsidized by participants.
What is a (software) ecosystem?
●
●
●
An ecology of systems with diverse species
juxtaposed in adaptive prey-predator food chain
relationships.
Economic network of processes that transform
the flow of resources, enacted by actors in
different roles, using tools, to produce products,
services, or capabilities.
Software supply network of component
producers, system integrators, and consumers.
Personal History of OSS Ecosystem Studies
●
2000-2015 (60+ publications)
–
●
●
●
Computer games, defense, X-ray astronomy,
Internet/Web infrastructure, bioinformatics, higher
education, e-commerce, neuroscience, virtual reality.
Discovering requirements practices and
processes across OSS communities of practice.
Participant role sets, role migration, and social
movements within/across OSS projects.
Open architecture (OA) systems with
heterogeneously licensed components.
Web software ecosystem
Source: C. Jensen and W. Scacchi, Process Modeling Across the Web Information Infrastructure,
Software Process--Improvement and Practice, 10(3), 255-272, July-September 2005.
6
7
NetBeans self-organized
coordination and control
Legend: Boxes are activities (using informalisms); Ellipses are resources required or provided; Actor roles
in boldface; flow dependencies as arrows.
8
9
Artifact ecologies and repositories enable
collaboration in OSS development
Email lists
Discussion
forums
News postings Project digests
IM/Internet
Relay Chat
Scenarios of
usage
How-to guides
Screenshots
FAQs; to-do
lists: item lists
Project Wikis
System
documentation
External
publications
Copyright
licenses
Architecture
diagrams
Intra-app
scripting
Plug-ins
Code from
other projects
Project Web
site
Multi-project
portals
Project source
code web
Project
repositories
Software bug
reports
Issue tracking
databases
Blogs, videos,
photos, etc.
Institute for Software Research, UCI
10
A meritocratic role sets, role hierarchy,
and role migration paths for OSSD
Source: C. Jensen and W. Scacchi, Role Migration and Advancement Processes in OSSD Projects: A Comparative Case Study, in Proc. 29th.
Intern. Conf. Software Engineering, Minneapolis, MN, May 2007, 364-374.
11
OA software ecosystems
Software supply network for OA
system components: Component IP
license and cybersecurity
requirements propagate from/to
Producers, Integrators, and
Consumers
OA development ecosystems
A sample elaboration of producers (vendors), software
component applications, and IP licenses for OA system
components.
Open Architectures, OSS, and
OSS license analysis
• Goal: identify software architecture principles
and IP licenses that mediate OA
• OSS elements subject to different IP licenses
• Govt/business policies and initiatives now
encouraging OA with OSS elements
• How to determine the requirements needed to
realize OA strategies with OSS?
Source: W. Scacchi and T. Alspaugh, Emerging Issues in the Acquisition of Open Source Software within the U.S. Department of
Defense, Proc. 5th Annual Acquisition Research Symposium, Vol. 1, 230-244, NPS-AM-08-036, Naval Postgraduate School,
Monterey, CA, 2008.
14
Open Architecture Example
Legend: Grey boxes are
components; ellipses
are connectors; white
boxes are interfaces;
arrows are data or
control flow paths;
complete figure is
architectural design
configuration
15
OSS elements subject to different
IP/Security licenses
• Intellectual Property and Security licenses stipulate
rights and obligations regarding use of the software
components/systems
• How to determine which rights and obligations will
apply to a component-based configured system?
– At design-time (maximum flexibility)
– At integration build-time (may/not be able to redistribute
components at hand)
– At release deployment run-time (may/not need to
install/link-to components from other sources)
Source: T. Alspaugh, H. Asuncion, and W. Scacchi, Intellectual Property Rights Requirements for Heterogeneously
Licensed Systems, in Proc. 17th. Intern. Conf. Requirements Engineering (RE09), Atlanta, GA, 24-33, September
2009.
16
Design-time view of an OA system
17
Software product line of functionally
similar OA system alternatives
18
Product line selection of one
alternative system configuration
19
A security capability specification encapsulating the designtime configuration via multiple virtual machine containers
20
Build-time view of OA design selecting
OSS product family alternatives
21
Run-time deployment view of OA
system family member configuration
22
Product line selection of different
functionally similar alternative
23
Run-time deployment view of a similar
alternative OA system configuration
24
Build-time view of OA design selecting
proprietary product family alternatives
25
Conclusions
●
●
●
OSS ecosystems can be:
–
modeled, analyzed, and understood, via
–
discovery of actor practices and processes, that
–
manipulate artifact ecologies, with
–
different tools and repositories, across
–
diverse OSS project communities.
OSS ecosystems pose new challenges and
opportunities in Intellectual Property and
Cybersecurity.
OSS ecosystems can be shaped and
stimulated to act via strategic actions.
26
Acknowledgements
Research collaborators (partial list)
●
●
Mark Ackerman, UMichigan, Ann Arbor; Kevin Crowston,
Syracuse U; Les Gasser, UIllinois, Urbana-Champaign; Chris
Jensen, Google; Greg Madey, Notre Dame U; John Noll, LERO;
Megan Squire, Elon U; and others.
Thomas Alspaugh, Hazel Asuncion, Margaret Elliott, and others
at the UCI ISR.
Funding support (No endorsement, review, or approval implied).
• National Science Foundation: #0083075, #0205679, #0205724,
#0350754, #0534771, #0749353, #0808783, and #1256593.
• Naval Postgraduate School
– Acquisition Research Program (2007-2015+)
• N00244-1-15-0010 (2015-2016)
– Center for the Edge Research Program (2010-2012).
• Computing Community Consortium (2009-2010).
27